Improving Drupal Security

If you see Drupal security notifications when you're logged into your Drupal site, you're site is not secure.

But it's not just you who knows it.

Hackers can also very quickly and easily see how insecure your site is.

Don't believe me? Try this.

Visit the homepage of your site in your browser. Add CHANGELOG.txt to the end of the URL in the address bar and press enter. So the URL would be something like...

http://www.yoursite.com/CHANGELOG.txt

If you see a page not found, great — your version of Drupal is hidden from the rest of the world. If, however, you see a bunch of text on the screen, look at the first non-empty line. You'll see the version of Drupal your site is running, like so.

Drupal 7.31, 2014-08-06

That's the Drupal version you're site is running and the date that version of Drupal was released. The problem is, if you can see your Drupal version number with this method, the rest of the world can too.

Once a hacker detects an old version of Drupal, it becomes very easy for them to find freely available exploits to mount against your site. However, if you're running an up-to-date Drupal site, you have much less chance of being hacked.

I offer Drupal security support. I can keep your Drupal site up-to-date and free from known vulnerabilities.

Whenever updates are required, I review them, test them, and deploy them to your live site.